This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

Microsoft pulls the plug on data security

News
Share:
Microsoft pulls the plug on data security

By

Firms risk falling foul of compliance issues if client information is not safe

Law firms have been urged to update their IT systems to avoid placing client data at risk amid fears in a rise of hacker and malware intrusions.

From 14 July 2015, Microsoft's Windows Server 2003 (WS2003) will no longer provide support and security patches to more than 10 million machines, many of which are in UK law firms.

Cloud computing specialist ConvergeTS suggests that firms still using the server will be more susceptible to hackers, while no security updates will result in a less powerful and responsive management system. This could all place confidential information at a greater risk to online theft.

Nigel Wright, managing director of ConvergeTS, said: 'Law firms need to act now to avoid increased security risks if using Windows Server 2003, as well as ensure their systems are fit for purpose and IT strategies are in line with their plans for growth.'

Furthermore, Wright advised that any firms using WS2003 after 14 July may fall foul of compliance issues.

Principles 5, 8 and 10 of the Solicitors Regulation Authority's (SRA) code of conduct are all impacted by IT as these relate to services to clients, risk management and protection of assets.

Firms must be sure they can provide robust systems that can handle the pressures of shifting workloads and demands; deliver a cast iron guarantee to clients that they won't be affected by IT down time or mini-disasters (such as extreme weather) preventing staff getting into work; and deliver failsafe systems for the handling of money and assets.

Moreover, Lexcel accreditation requires practices to have a business continuity plan to evaluate potential risks and the likelihood of their impact as well as ways to reduce, avoid, and transfer said risks.

The legal sector is among those at high risk of surveillance threats; following Edward Snowden's revelations last July, firms have been urged to encrypt data in order to protect confidentiality. However, the task becomes more difficult when systems are prone to malware.

Solicitors were recently warned by the government to protect their computers against GameOver Zeus, malicious software that was supposed to encrypt data, but instead, held that data hostage.

Upgrading the system might be the only way for firms to minimise the security risks.

'We strongly recommend that law firms consider updating to modern server hardware and software in order to secure confidential information and ensure their firm can continue compete effectively,' added Wright.

In addition, firms failing to update their systems may well incur further operating costs and fall behind in the market.